Rejected queries for mx???.emailfiltering.com
Chris Adams
cmadams at hiwaay.net
Wed Jan 19 20:28:41 UTC 2011
Once upon a time, Phil Mayers <p.mayers at imperial.ac.uk> said:
>On the subject of rejected queries - although this isn't a BIND question
>per se, I'm curious if anyone else here sees a lot of these:
>
>client 178.123.92.141#23861: view main: query (cache)
>'mx242.emailfiltering.com/A/IN' denied
>
>We get *loads* of them to our authoritative resolvers. I am assuming
>they are attempts at cache poisoning given the (ahem) dubious
>geographical origin of the queries (no offense intended to anyone living
>in those parts of the world) but I can't see any corresponding inbound
>forged DNS packets in our netflow.

Do you have domains listing mx242.emailfiltering.com as an MX? I have
seen some broken resolvers that will do an MX lookup and then turn
around and do A lookups for the MX hosts at the same DNS server.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
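
One way to check the MX explanation above against your own query log, as an added example that is not part of the original post: it splits denied A/AAAA queries into names that your zones list as MX targets and names that they do not. The zone contents, client addresses and www.example.net are constructed, and MX targets are assumed to be written as absolute names.

```python
import re
from collections import Counter

# BIND "denied" line in the shape quoted in the thread; the view part is optional.
DENIED = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+:(?: view \S+:)? query \(cache\) "
    r"'(?P<name>[^/']+)/(?P<type>[A-Z0-9]+)/IN' denied"
)

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def mx_targets(zone_text):
    """Collect MX exchange hosts from zone-file text (assumes absolute names)."""
    targets = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip zone-file comments
        if "MX" in fields:
            i = fields.index("MX")
            if len(fields) > i + 2:  # MX <preference> <exchange>
                targets.add(norm(fields[i + 2]))
    return targets

def classify(log_lines, targets):
    """Count denied A/AAAA queries per (name, client), split by MX match."""
    explained, unexplained = Counter(), Counter()
    for line in log_lines:
        m = DENIED.search(line)
        if not m or m["type"] not in ("A", "AAAA"):
            continue
        name = norm(m["name"])
        bucket = explained if name in targets else unexplained
        bucket[(name, m["ip"])] += 1
    return explained, unexplained

# Constructed sample data (documentation address ranges, not real clients).
SAMPLE_ZONE = """
example.org. 3600 IN MX 10 mx242.emailfiltering.com. ; hosted mail filter
example.org. 3600 IN A  192.0.2.1
"""
SAMPLE_LOG = [
    "client 192.0.2.10#23861: view main: query (cache) 'mx242.emailfiltering.com/A/IN' denied",
    "client 192.0.2.10#23862: view main: query (cache) 'mx242.emailfiltering.com/A/IN' denied",
    "client 198.51.100.7#4000: query (cache) 'www.example.net/A/IN' denied",
]

if __name__ == "__main__":
    explained, unexplained = classify(SAMPLE_LOG, mx_targets(SAMPLE_ZONE))
    print("matches an MX target we serve:", dict(explained))
    print("no MX match, look closer:", dict(unexplained))
```

Denied names that land in the first bucket fit the broken-resolver pattern; the second bucket is what remains to be explained some other way.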